|
Ubuntu ufw and static tunnel timeout
![[de]](/s/countries/de.gif) Shadow Hawkins on Friday, 02 April 2010 15:14:53
Hello,
did anyone succeed in using the Ubuntu (8.04) ufw firewall with a static tunnel? With this setup, the ping test regularly fails when no other data is transferred.
I can verify this myself: If I ping the host, it doesn't reply, but as soon as the host itself starts transfering some IPv6 data, ping works again for a while. The host has a static IP without NAT.
This clearly looks like the problem described at https://www.sixxs.net/faq/connectivity/?faq=conntracking, but the solutions listed on that page don't work. If I shutdown ufw at all, it works fine.
Anyone has a working setup like this? Or do I need to drop ufw and use something else?
Thanks,
Florian
Ubuntu ufw and static tunnel timeout
![[us]](/s/countries/us.gif) Shadow Hawkins on Saturday, 03 April 2010 21:00:03
The solutions on that page are keeping the protocol 41 for the tunnel out of your NAT.
On your static IP without NAT, you likely need to allow the inbound protocol 41. Something like this might do it:
iptables -I INPUT 1 -p 41 -j ACCEPT
Ubuntu ufw and static tunnel timeout
Shadow Hawkins on Monday, 05 April 2010 13:21:53
Hi John,
thanks a lot, that did the trick!
I read http://www.sixxs.net/faq/connectivity/?faq=firewalled but wasn't aware that I also need proto 41 incoming, just had allowed established and related connections to go in.
Maybe it makes sense to edit the page and add that information. :-)
Thanks again!
Florian
Ubuntu ufw and static tunnel timeout
![[cz]](/s/countries/cz.gif) Shadow Hawkins on Wednesday, 07 April 2010 15:19:47
Hello,
you must have in /etc/default/ufw the line:
IPV6=yes
Thats all ;-)
Obrys
Ubuntu ufw and static tunnel timeout
Shadow Hawkins on Wednesday, 14 April 2010 19:08:40
Hello Jan,
IMHO, that only means that all rules apply for IPv6 as well - but they do not permit protocol 41 packets automatically.
Florian
|
Posting is only allowed when you are